on 20-Jul-2020 15:24
This article is the third in a three-part series.
Go to Part 1 here: Secure Access to Web Applications with F5 and Okta using SAML 2.0 (1 of 2)
Go to Part 2 here: Secure Access to Web Applications with F5 and Okta using SAML 2.0 (2 of 2)
Multi-factor Authentication (MFA) is a security best practice that enhances authentication by requesting two or more verifiable authentication factors. Common authentication factors are: Something You Know, Something You Have, and Something You Are. In addition to configuring native MFA support, the F5 BIG-IP Access Policy Manager (APM) system offers the flexibility to combine multiple authentication mechanisms from partners like Okta.
In this DevCentral blog, we will look at how to configure APM for Okta MFA to authenticate using Something You Know and Something You Have. The HTTP connector for Okta MFA is supported on F5 BIG-IP APM systems running TMOS v16.0 or later.
Follow the steps below to configure ‘Okta Verify’ for mobile MFA.
Figure 1: Activate Okta Verify MFA
Figure 2: Assign the MFA policy to the user group
Follow the steps below to configure the HTTP connector for Okta MFA.
Figure 3: Create the DNS resolver
Figure 4: Sample HTTP connector configuration
Figure 5: Sample Okta connector configuration
Note: To create a new Okta API token, navigate to Okta web UI >> Security >> API and click on Tokens.
Follow the steps below to create an access profile and per-request access policy for Okta MFA and assign them to the application.
Figure 6: Sample access profile configuration
Figure 7: Sample per-request policy
Figure 8: Sample Okta MFA configuration with ‘Okta Connector’ assigned
Figure 9: Assign the access profile and per-request policy to the virtual server
Follow the steps below to set up and validate mobile MFA using ‘Okta Verify’.
Figure 10: User prompted for MFA after successful authentication
The joint F5 and Okta MFA integration offers a compelling solution for customers who are interested in securely accessing enterprise applications on-premises and in any cloud by increasing the assurance of authentication.
Part 1 - Secure Access to Web Applications with F5 and Okta using SAML 2.0
Part 2 - Secure Access to Web Applications with F5 and Okta using SAML 2.0
BIG-IP APM Product Information: Knowledge Center
Free Training Course: Getting Started with BIG-IP Access Policy Manager (APM)
Lightboard Lesson: F5 Access Policy Manager and Okta - Single Sign On and Multi-Factor Authentication
External Resource: F5 | Okta partnership
Can this still be done in 14.1.x and beyond?
The doc I was looking at is 16.x, I thought it was earlier.
In 14.1.4, there is no HTTP Connector, appears to be an MFA Connector? Is there documentation on how to set this up in 14.1.4?